tag:www.schneier.com,2015:/blog//2/tag:www.schneier.com,2012:/blog//2.4587-2015-02-17T05:43:22ZComments for Cell Phone SurveillanceA blog covering security and security technology.Movable Typetag:www.schneier.com,2012:/blog//2.4587-comment:1016576Comment from jacob on 2012-11-30jacob
@clive. I agree with Robin Williams. Make politicians wear sponsor logos like nascar drivers. and maybe security experts. Of course bruce would have a chuck norris one, or is that vice versa? I laughed during chuck norris line about a cobra in expendables 2. I was thinking of bruce....]]>
2012-11-30T21:07:44Z2012-11-30T21:07:44Ztag:www.schneier.com,2012:/blog//2.4587-comment:1004910Comment from Clive Robinson on 2012-11-23Clive Robinson
@ moo,

They should not take the stance that any particular bits(such as headers, routing info, identity of sender receiver, etc.) are "public" or less deserving of privacy protection, without a very strong reason

Agreed.

However there are those who (appear to) believe that "An honest citizen has nothing to fear, thus they require no privacy from the state etc", however these same self appointed people also believe (with little doubt) that they should be total exempt from any kind of examination from the "honest citizen". Further that any citizen calling this beliefs into question must automaticaly be dishonest to the point of being a "terrorist" and thus have the full force of the state brought to bear against them.

Sadly these people also appear to be either the legislators or those that control the legislators in some way. In either case they appear to have little respect for the wishes of the majority of citizens.

One of their tactics is to deny those with legitimate enquiries the information by which the knowledge required to judge their claims and actions may be acquired, and this is exactly what we see in this case which is what has caused the ire of the judge concerned.

Historicaly we have seen this behaviour befor with the likes of the "Holy Roman Church/Empire" suppressing knowledge and further using falsehoods to suppress those who defy the "church writ" (see history of anabaptists in Germany in the 1500's for example) and likewise those that are close to them in what is a "tyranny of fear".

The one thing history has taught us in this respect is information, and the knowledge that comes from it cannot be kept locked up and the process of it's release is often unpleasent to the extream in an often lengthy process involving much violence by those in power and often retribution by those that depose them.

The founding fathers recognised this issue which is why they tried to ensure a compleate seperation of religion and state, that is religion should have no part in the governing of the people, and that the people should control both the legislature and executive branches of government (in effect the ultimate form of socialism by self determination). Thus you have the seperation of the earthly domain of Ceaser (the state) and the spiritual domain of faith (religion).

Unfortunatly what the founding fathers did not realise to the same extent was the "evil of the accumulation of wealth" and how base financial self interest would "buy" the hard won freedoms cheaply from the people via those they chose to represent them. Thus the subversion of legitimate authority of the state by those with the ability to buy it corruptly from those invested by the people with the power of the state as their chosen representatives.

It's been said that the recent battle for the Presidency of the US has cost well in excess of six billion US dollars directly and considerably more indirectly. How many US citizens do you think have actualy stoped and thought about where that money came from and what those who payed it into campaign funds etc expect in return for their "investment"?

I think that it's a reasonable bet they are looking for a lot more than "ten cents on the dollar", in fact I would guess they are looking for atleast a tenfold return over the four year period as an absolut minimum. And that sort of money can only come from the majority of US citizens that have no choice over what taxes they pay.

But how to ensure the citizens "render unto Ceaser what is Ceasers", well by legislation, suppression and misdirection, where the citizens are in effect subjugated into "Ceaser's domain" without choice in return for the faux illusion of "freedom of choice" that representational democracy offers.

The clue that this system actually lacks freedom of choice is that there is not the choice to say "none of the above" on the ballot and have it count. That is there is no freedom to replace representational democracy or freedom to an alternative other than the choice of representatives given. Hence the resulting "chimps tea party" that arises from selecting a "monkey in a suit" to supposadly represent your interests. But in reality the chimp is a pupet over whom you actually have no control, their real aligence is bought and payed for by others. The chimps in turn ensure their position by the use of their patronage of "appointies" and largesse of "appropriations" from the tax take, back to the puppet masters, who direct a fractional percentage back for "campaign funds".

Thus Ceaser is these days the power behind the throne, hidden in the shadows cast by the spotlights of the circus of representational politics. As such they ensure their protection from the law not by corrupting the LEA's but by purchasing the legislation they want which the LEA's enforce. They leave the coruption of the LEA's to the "political process" of patronage, that is those who desire to benifit from a seat at the top table at the chimps tea party have to be offered a seat by those already sitting there. Thus they know that not only must they offer no threat to those seated at the top table and those in the shadows who control them, but they must also actively provide benifit to them in some way.

Thus as an indipendant judiciary can be seen to be a risk the judiciary must likewise be controled in the main by patronage hence the selection of judges in the upper tiers of the system are in practice political appointees who have likwise reached the positions they have by not being a real threat to those above them.

However it is a circus and the people have to be entertained as part of the spectical thus part of the game is those on the rise appearing to take a stand against those above, but their targets are not those in the shadows just those who's aspirations are not aligned with those in the shadows.

Think of it this way we condem the behaviour of the banks for the economic recession we are in, and thus attacking those in the banking industry is currently the entertainment on offer. However have you asked yourself where the banks get the money they play with? That is who controls the supply of the money they borrow to lend to others?

The myth is it's savers, the reality is it's wealthy investors the majority of whom you and I have not heard of nore are ever likely to. This is because they invest through a veil of financial institutions and offshore funds. However some we do know of such as those in the House of Saud, and other nouveau riche such as Russian oligarchs and it was said that in the financial crisis that arose in 2008 the only financial liquidity in the system was from them and the drugs cartels laudering their money... However it is the "old money" not the "new money" where the real power lies and they have spent many years being careful to stay not just out of the limelight but very firmly in the shadows and well away from the "top 100 richest" lists.

If you look at who some of the bigest campaign fund contributers are you will find that they appear to be Investment Bankers, but you have to ask who actually supplied the money to them to contribute...

We can make guesses based on the legislation that gets selected and promoted or blocked, thus we can surmise that some comes from tobacco and alcohol interests, some from raw energy suppliers such as fossile fuels production, some from mining and other raw resource controllers including the chemical and food related industries as well as the always profitable defence industries and the likes of insurance organisations that invest in them.

And if we cross check these organisations against the lobbying and think tank organisations with the most difficult to find sponsors and those organisations alleged to have significant environmental impact and foreign human rights abuses we see interesting patterns emerge, not least that they pay little or no tax anywhere but in some cases actually receive significant incentives from taxation at home and abroad through "foreign aid budgets" and "overseas development funds". And in some cases where investigations for bribery, kickbacks and similar have started they get stoped due to "national interest" (this has been seen quite openly in the UK with a Serious Fraud Office investigation into the defence industry and Saudi contracts aranged through intermediaries getting stopped).

The difference between signalling and voice is even more ridiculous in this modern age where voice is not carried as an analog signal over a wire, but is digitized and chopped up into packets and lossly-compressed. Voice traffic, like all other traffic, is just bits. Everything is just bits now!

The legal systems of the world ought to just give up on trying to distinguish between control signals (sent by/for the network operator, usually without the user knowing or carying about them) and "user payload" (voice or data the user cares about). Its not even easy to classify all bits as one or the other, and the two are usually mixed together anyway: SMS bits in control channel, framing/packet headers, etc. Just treat it all as private user data and spell out what info law enforcement is allowed to collect in the various situations (with or without a warrant, etc.)

They ought to default to treating all of it as private communications between the sender and receiver, even the parts that are control/signalling bits to/from third parties like the network provider. They should not take the stance that any particular bits (such as headers, routing info, identity of sender/receiver, etc.) are "public" or less deserving of privacy protection, without a very strong reason, because that way lies the police state.

]]>
2012-11-23T20:53:03Z2012-11-23T20:53:03Ztag:www.schneier.com,2012:/blog//2.4587-comment:1003283Comment from Clive Robinson on 2012-11-23Clive Robinson
All phones use some kind of signaling in their operation be it in band or out of band prior to the "voice circuit" becomming open for people to speak.

For some reason when the US judiciary talk about "communications" they mean what happens on the "voice circuit" not what a communications engineer would consider communications which is ALL signaling including that which indicates the phone is usable (ie via a "line test").

The judicial artificial distinction appears to be causing some significant strife for themselves in recent times as various LEO's try to drive a significant wedge into the crack this artificial distinction has caused.

The distinction has alowed the judiciary and LEO's to create an artificial difference between what a device on the various signalling circuits can do. Historicaly a device that was connected to the POTS "customer pair" that just records signaling is refered to as a "Pen Trace Register" whilst one that records the actual voice content or alows an individual to listen to the voice content is usually refered to via the ambiguous term "wire tap".

This distinction based on function not connection allowed the LEO's to maintain an artificial difference for the sake of legal argument, because way back when it made a very limited sense to do so.

This was way back in the time when a phone was a very expensive item to have exclusive access to. Thus most people did not have phones in their homes and had to use a coin operated instrument in a public place or shared instrument in commercial premises. Thus distinquishing the difference between signaling and voice had the ability to "protect the innocent" from encroachment on their private communications, as back then without the voice it was not possible to draw legaly reliable conclusions about whom was speaking to whom. That was unless a law enforcment agent was situated at the instrument at either end to visually identify the persons who had actually spoken to each other. Thus the pen and trace was only used as secondary coroborating information that the call had gone from one instrument under observation to the other instrument under observation not as any kind of primary evidence which a voice monitoring or recording would provide.

So way back then the distinction between the level of evidence ascribed to signalling and voice communications made some kind of very limited sense, and as a result the level of evidence required to get authority to place a pen and trace register was way way less than a wiretap.

Since then a lot of things have changed but the judicial view has not changed on the issuance of authority to intercept signalling or voice communications, even though other judicial view aspects have.

Historically as the price dropped people started having phones put in their homes initialy for status or business/health and later for business conveniance and much later for social conveniance. The POTS (Plain Old Telephone System) "customer instrument" was installed by the Telephone Service Provider (Ma Bell as was) into the "customer premises" so it's location was known, but as the location of the instrument had always been known the judiciary did not wake up to the esssential fact that LEO's did, LEO's were nolonger needed an agent to watch the phone thus a hugh saving on manpower could be made as the pen and trace recorder became the witness.

Thus Judges started sleepwalking into the current mess, by simply accepting the LEO/prosecuters assertion that because the instrument was in a persons private residence it was a resident of the premises that was using the the instrument thus the burdan of proof switched from the LEO/Prosecutors to the defendant to show who was using the phone and when.

Thus at this point the judiciary and legislature realy should have changed the requirments on the issuance of authority for the instalation of pen and trace registers to the same as voice recording/monitoring as the evidence the pen and trace was providing was nolonger secondary evidence for coroboration but primary evidence...

But things got worse when "itemized billing" became the norm, as these were the equivalent of pen and trace register testimony it realy ceased to matter how an LEO got their hands on the printed bill. Thus unlike letters that could be privileged utility bills including phone bills were not, even though the information on the bill could be privaledged and should be treated as such.

Now phones have become very much personal and very mobile and almost impossible to avoid having due to social and business preasure the judiciary are slowly waking up from their deep slumbers on devices connected to communications channels, however they are tying themselves into knots because they want to try and maintain the presumed difference between signalling and voice channels.

Perhaps they should take a long sup of that Java Devil's Brew and clear their minds and realise that there is no difference between signalling and voice they are both communications and both provide primary evidence and as such all communications should be treated no matter where they originate from as private and from the equivalent of somebodies home and thus require a full warrant and full traceability such that it can be properly tested in a court of law.

Because if the judiciary and legisliture don't, their previous sleepwalking on the issue whilst at the helm will lead them into a waking nightmare the nature of which neither they nor the defendants would wish, nor for that matter the general public as it is in effect opening the doors onto a police state.

Fortunately, the public criticism that followed seems to have caused good senator Leahy to abandon his proposal for now.

]]>
2012-11-22T16:33:43Z2012-11-22T16:33:43Ztag:www.schneier.com,2012:/blog//2.4587-comment:1001585Comment from B. Johnson on 2012-11-22B. Johnson
It's a tough problem to solve. If you didn't work brand new technology (or aren't a huge geek like me), think about what people even 10 years younger that you understand that you barely grasp. Now add a judge/cop/lawmaker that's 20, 30, or 40 years older and the problem gets worse. There's no easy way to solve it, and it's why the law lags behind technology so badly.]]>
2012-11-22T16:32:14Z2012-11-22T16:32:14Ztag:www.schneier.com,2012:/blog//2.4587-comment:1001083Comment from Autolykos on 2012-11-22Autolykos
@Steven Hoober: Yep, it's a shame that we usually let theologists (with a few philosophers mixed in as alibi) decide what science may or may not do, even in countries usually regarded as modern (I can confirm it for Germany, at least). I'm not sure if politicians would do better, however. Both usually don't have a clue what they are talking about and may have questionable motives.]]>
2012-11-22T10:38:59Z2012-11-22T10:38:59Ztag:www.schneier.com,2012:/blog//2.4587-comment:1000865Comment from AC2 on 2012-11-22AC2
Also:

]]>
2012-11-22T08:18:03Z2012-11-22T08:18:03Ztag:www.schneier.com,2012:/blog//2.4587-comment:1000814Comment from Jellix on 2012-11-22Jellix
@1984: The so called "Stingray" is probably an (maybe improved) version of the IMSI-Catcher.]]>
2012-11-22T07:43:17Z2012-11-22T07:43:17Ztag:www.schneier.com,2012:/blog//2.4587-comment:999912Comment from Steven Hoober on 2012-11-21Steven Hooberhttp://www.donttouchme.com
My favorite bit:

Among the judge’s biggest concerns: that the agents and U.S. attorneys making the requests didn’t provide details on how the tools worked or would be used — and even seemed to have trouble explaining the technology.

“Without such an understanding, they cannot appreciate the constitutional implications of their requests,” Magistrate Judge Brian Owsley wrote in an order last month...

Not just good for all the government intrusion stuff, but a lesson for everyone. If you cannot understand the technology (at least a little), you cannot design for it, make meaningful decisions about what to fund, etc.

(Next: make analogous to politicians with massive misunderstandings of science, on the Science & Technology committee).

]]>
2012-11-21T21:58:39Z2012-11-21T21:58:39Ztag:www.schneier.com,2012:/blog//2.4587-comment:999851Comment from 1984 on 2012-11-211984
The MITM tower attack can be defeated with end to end encryption like using the Redphone app for android.

I guess the only way to get info on this stingray device is through good old social engineering: call up whoever is selling it and pretend to be a Euro cabinet staffer interested in buying it and ask for manuals/details.

]]>
2012-11-21T21:23:50Z2012-11-21T21:23:50Ztag:www.schneier.com,2012:/blog//2.4587-comment:999763Comment from vasiliy pupkin on 2012-11-21vasiliy pupkin
Very good article confirming that judicial oversight over surveilance practice of LE Agencies/other Executive structures is vital to protect and enforce Constitutional provisions, Bill of Rights in particular. Constitution is protecting today's subjects of surveilance becoming tomorrow's unlwaful objects of surveilance as well.